Bug 39787 - nss: Multiple issues (4.0)
Status: CLOSED WONTFIX
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.0
Other Linux
P2 normal
UCS 4.0-5-errata
Assigned To: Security maintainers
Stefan Gohmann
Depends on: 41329
Blocks: 39788 41334
Reported: 2015-11-04 21:29 CET by Arvid Requate
Modified: 2016-06-02 06:22 CEST

Bug group (optional): Security
requate: Patch_Available+
Description Arvid Requate univentionstaff 2015-11-04 21:29:55 CET
The following security issues have been identified in the Network Security Service (nss):

* ASan: use-after-poison in sec_asn1d_parse_leaf function (CVE-2015-7181)
* ASN.1 decoder heap overflow when decoding constructed OCTET STRING (CVE-2015-7182)
Comment 1 Arvid Requate univentionstaff 2016-01-26 12:44:47 CET
* MD5 Downgrade in TLS 1.2 Signatures (CVE-2015-7575)
Comment 2 Arvid Requate univentionstaff 2016-02-22 13:06:50 CET
* The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21 improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function (CVE-2016-1938)
Comment 3 Arvid Requate univentionstaff 2016-05-23 19:11:35 CEST
Not affected by CVE-2015-7575 (TLS 1.2 not supported in 3.14, only 3.15.1 and above)
Comment 4 Arvid Requate univentionstaff 2016-05-23 19:11:42 CEST
Upstream Debian package version 2:3.14.5-1+deb7u6 fixes these issues:

* The sec_asn1d_parse_leaf function improperly restricts access to an unspecified data structure (CVE-2015-7181)

* Heap-based buffer overflow in the ASN.1 decoder (CVE-2015-7182)

* The s_mp_div function in lib/freebl/mpi/mpi.c improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms (CVE-2016-1938)

* Heap-based buffer overflow allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate (CVE-2016-1950)

* Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption (CVE-2016-1978)

* Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding (CVE-2016-1979)
Comment 5 Arvid Requate univentionstaff 2016-06-01 19:10:39 CEST
UCS 4.0 is out of maintenance. See Depends field for the UCS 4.1 specific bug.
Comment 6 Stefan Gohmann univentionstaff 2016-06-02 06:22:07 CEST
OK
Comment 7 Stefan Gohmann univentionstaff 2016-06-02 06:22:23 CEST
Nothing to release